CMA currently exposes metrics on two ports via the 0.0.0.0 all hosts binding. We need to make sure that only the TLS port is accessible from outside localhost.
- Move the binding for the local metrics server to localhost only
- Ensure kube-rbac-proxy is still proxying the requests over TLS
- Cluster Infra
- Subin M
- Metrics from CMA are only exposed over TLS
- <Add docs requirements for this card>
- <Explain testing that will be added>